Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a lack of exploit mitigations vulnerability. Successful exploitation could lead to privilege escalation.
Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through 4.3.4.
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks
An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.
An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.
Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with access rights matching the user who created the dashboard.
A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-245061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network.
In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.
In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the administrative privileges of the user, allowing arbitrary registry writes in the K7AVOptn.dll module to facilitate escalation of privileges via inter-process communication with a service process.
An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows attackers to bypass the access control and gain complete access to the application via modifying a HTTP header.
Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation.This issue affects Local Delivery Drivers for WooCommerce: from n/a through 1.9.0.
Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.2.3.
Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through 3.05.0.
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation.
Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation.This issue affects WP Frontend Profile: from n/a through 1.3.1.
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and deno_runtime 0.114.0, outbound HTTP requests made using the built-in `node:http` or `node:https` modules are incorrectly not checked against the network permission allow list (`--allow-net`). Dependencies relying on these built-in modules are subject to the vulnerability too. Users of Deno versions prior to 1.34.0 are unaffected. Deno Deploy users are unaffected. This problem has been patched in Deno v1.34.1 and deno_runtime 0.114.1 and all users are recommended to update to this version. No workaround is available for this issue.
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. The component is: assets/components/fred/web/elfinder/connector.php. The attack vector is: Uploading a PHP file or change data in the database. The fixed version is: https://github.com/modxcms/fred/commit/139cefac83b2ead90da23187d92739dec79d3ccd and https://github.com/modxcms/fred/commit/01f0a3d1ae7f3970639c2a0db1887beba0065246.
An issue found in edjing Mix v.7.09.01 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the database.
The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the 'on_regiser_user' function. This makes it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering.
The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.3. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'listing_user_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.
An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php.
An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to brute-force the password reset PINs of administrative users.
The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'imic_agent_register' function in all versions up to, and including, 3.6. This is due to a lack of restriction in the registration role. This makes it possible for unauthenticated attackers to arbitrarily choose their role, including the Administrator role, during user registration.
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.
A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service. HP has released software updates to mitigate the potential vulnerability.
The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through the aonesms_fn_savedata_after_signup() function. This makes it possible for unauthenticated attackers to register as an administrator user.
Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1.
A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions.
Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation.This issue affects WatchTowerHQ: from n/a through 3.6.16.
Improper Privilege Management vulnerability in Favethemes Houzez Login Register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through 2.6.3.
Improper Privilege Management vulnerability in IOSS WP MLM Unilevel allows Privilege Escalation.This issue affects WP MLM Unilevel: from n/a through 4.0.
The set_user extension module before 2.0.1 for PostgreSQL allows a potential privilege escalation using RESET SESSION AUTHORIZATION after set_user().
Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors.
Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3.
In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files.
The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Improper Privilege Management vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users.This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7.
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.
A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.
Improper Privilege Management vulnerability in Wholesale WholesaleX allows Privilege Escalation.This issue affects WholesaleX: from n/a through 1.3.2.
Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product.
A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software (All Versions)
SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku methods.
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the authentication mechanism.
An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a escalation of privileges via the TTMultiProvider component.